1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. compute
  5. FirewallPolicyWithRules
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

gcp.compute.FirewallPolicyWithRules

Explore with Pulumi AI

gcp logo
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

    Example Usage

    Compute Firewall Policy With Rules Full

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const project = gcp.organizations.getProject({});
    const addressGroup1 = new gcp.networksecurity.AddressGroup("address_group_1", {
        name: "tf-address-group",
        parent: "organizations/123456789",
        description: "Global address group",
        location: "global",
        items: ["208.80.154.224/32"],
        type: "IPV4",
        capacity: 100,
    });
    const securityProfile1 = new gcp.networksecurity.SecurityProfile("security_profile_1", {
        name: "tf-security-profile",
        type: "THREAT_PREVENTION",
        parent: "organizations/123456789",
        location: "global",
    });
    const securityProfileGroup1 = new gcp.networksecurity.SecurityProfileGroup("security_profile_group_1", {
        name: "tf-security-profile-group",
        parent: "organizations/123456789",
        description: "my description",
        threatPreventionProfile: securityProfile1.id,
    });
    const firewall_policy_with_rules = new gcp.compute.FirewallPolicyWithRules("firewall-policy-with-rules", {
        shortName: "tf-fw-org-policy-with-rules",
        description: "Terraform test",
        parent: "organizations/123456789",
        rules: [
            {
                description: "tcp rule",
                priority: 1000,
                enableLogging: true,
                action: "allow",
                direction: "EGRESS",
                match: {
                    layer4Configs: [{
                        ipProtocol: "tcp",
                        ports: [
                            "8080",
                            "7070",
                        ],
                    }],
                    destIpRanges: ["11.100.0.1/32"],
                    destFqdns: [
                        "www.yyy.com",
                        "www.zzz.com",
                    ],
                    destRegionCodes: [
                        "HK",
                        "IN",
                    ],
                    destThreatIntelligences: [
                        "iplist-search-engines-crawlers",
                        "iplist-tor-exit-nodes",
                    ],
                    destAddressGroups: [addressGroup1.id],
                },
                targetResources: [project.then(project => `https://www.googleapis.com/compute/beta/projects/${project.name}/global/networks/default`)],
            },
            {
                description: "udp rule",
                priority: 2000,
                enableLogging: false,
                action: "deny",
                direction: "INGRESS",
                match: {
                    layer4Configs: [{
                        ipProtocol: "udp",
                    }],
                    srcIpRanges: ["0.0.0.0/0"],
                    srcFqdns: [
                        "www.abc.com",
                        "www.def.com",
                    ],
                    srcRegionCodes: [
                        "US",
                        "CA",
                    ],
                    srcThreatIntelligences: [
                        "iplist-known-malicious-ips",
                        "iplist-public-clouds",
                    ],
                    srcAddressGroups: [addressGroup1.id],
                },
                disabled: true,
            },
            {
                description: "security profile group rule",
                ruleName: "tcp rule",
                priority: 3000,
                enableLogging: false,
                action: "apply_security_profile_group",
                direction: "INGRESS",
                match: {
                    layer4Configs: [{
                        ipProtocol: "tcp",
                    }],
                    srcIpRanges: ["0.0.0.0/0"],
                },
                targetServiceAccounts: ["test@google.com"],
                securityProfileGroup: pulumi.interpolate`//networksecurity.googleapis.com/${securityProfileGroup1.id}`,
                tlsInspect: true,
            },
        ],
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    project = gcp.organizations.get_project()
    address_group1 = gcp.networksecurity.AddressGroup("address_group_1",
        name="tf-address-group",
        parent="organizations/123456789",
        description="Global address group",
        location="global",
        items=["208.80.154.224/32"],
        type="IPV4",
        capacity=100)
    security_profile1 = gcp.networksecurity.SecurityProfile("security_profile_1",
        name="tf-security-profile",
        type="THREAT_PREVENTION",
        parent="organizations/123456789",
        location="global")
    security_profile_group1 = gcp.networksecurity.SecurityProfileGroup("security_profile_group_1",
        name="tf-security-profile-group",
        parent="organizations/123456789",
        description="my description",
        threat_prevention_profile=security_profile1.id)
    firewall_policy_with_rules = gcp.compute.FirewallPolicyWithRules("firewall-policy-with-rules",
        short_name="tf-fw-org-policy-with-rules",
        description="Terraform test",
        parent="organizations/123456789",
        rules=[
            {
                "description": "tcp rule",
                "priority": 1000,
                "enable_logging": True,
                "action": "allow",
                "direction": "EGRESS",
                "match": {
                    "layer4_configs": [{
                        "ip_protocol": "tcp",
                        "ports": [
                            "8080",
                            "7070",
                        ],
                    }],
                    "dest_ip_ranges": ["11.100.0.1/32"],
                    "dest_fqdns": [
                        "www.yyy.com",
                        "www.zzz.com",
                    ],
                    "dest_region_codes": [
                        "HK",
                        "IN",
                    ],
                    "dest_threat_intelligences": [
                        "iplist-search-engines-crawlers",
                        "iplist-tor-exit-nodes",
                    ],
                    "dest_address_groups": [address_group1.id],
                },
                "target_resources": [f"https://www.googleapis.com/compute/beta/projects/{project.name}/global/networks/default"],
            },
            {
                "description": "udp rule",
                "priority": 2000,
                "enable_logging": False,
                "action": "deny",
                "direction": "INGRESS",
                "match": {
                    "layer4_configs": [{
                        "ip_protocol": "udp",
                    }],
                    "src_ip_ranges": ["0.0.0.0/0"],
                    "src_fqdns": [
                        "www.abc.com",
                        "www.def.com",
                    ],
                    "src_region_codes": [
                        "US",
                        "CA",
                    ],
                    "src_threat_intelligences": [
                        "iplist-known-malicious-ips",
                        "iplist-public-clouds",
                    ],
                    "src_address_groups": [address_group1.id],
                },
                "disabled": True,
            },
            {
                "description": "security profile group rule",
                "rule_name": "tcp rule",
                "priority": 3000,
                "enable_logging": False,
                "action": "apply_security_profile_group",
                "direction": "INGRESS",
                "match": {
                    "layer4_configs": [{
                        "ip_protocol": "tcp",
                    }],
                    "src_ip_ranges": ["0.0.0.0/0"],
                },
                "target_service_accounts": ["test@google.com"],
                "security_profile_group": security_profile_group1.id.apply(lambda id: f"//networksecurity.googleapis.com/{id}"),
                "tls_inspect": True,
            },
        ])
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
    		if err != nil {
    			return err
    		}
    		addressGroup1, err := networksecurity.NewAddressGroup(ctx, "address_group_1", &networksecurity.AddressGroupArgs{
    			Name:        pulumi.String("tf-address-group"),
    			Parent:      pulumi.String("organizations/123456789"),
    			Description: pulumi.String("Global address group"),
    			Location:    pulumi.String("global"),
    			Items: pulumi.StringArray{
    				pulumi.String("208.80.154.224/32"),
    			},
    			Type:     pulumi.String("IPV4"),
    			Capacity: pulumi.Int(100),
    		})
    		if err != nil {
    			return err
    		}
    		securityProfile1, err := networksecurity.NewSecurityProfile(ctx, "security_profile_1", &networksecurity.SecurityProfileArgs{
    			Name:     pulumi.String("tf-security-profile"),
    			Type:     pulumi.String("THREAT_PREVENTION"),
    			Parent:   pulumi.String("organizations/123456789"),
    			Location: pulumi.String("global"),
    		})
    		if err != nil {
    			return err
    		}
    		securityProfileGroup1, err := networksecurity.NewSecurityProfileGroup(ctx, "security_profile_group_1", &networksecurity.SecurityProfileGroupArgs{
    			Name:                    pulumi.String("tf-security-profile-group"),
    			Parent:                  pulumi.String("organizations/123456789"),
    			Description:             pulumi.String("my description"),
    			ThreatPreventionProfile: securityProfile1.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewFirewallPolicyWithRules(ctx, "firewall-policy-with-rules", &compute.FirewallPolicyWithRulesArgs{
    			ShortName:   pulumi.String("tf-fw-org-policy-with-rules"),
    			Description: pulumi.String("Terraform test"),
    			Parent:      pulumi.String("organizations/123456789"),
    			Rules: compute.FirewallPolicyWithRulesRuleArray{
    				&compute.FirewallPolicyWithRulesRuleArgs{
    					Description:   pulumi.String("tcp rule"),
    					Priority:      pulumi.Int(1000),
    					EnableLogging: pulumi.Bool(true),
    					Action:        pulumi.String("allow"),
    					Direction:     pulumi.String("EGRESS"),
    					Match: &compute.FirewallPolicyWithRulesRuleMatchArgs{
    						Layer4Configs: compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArray{
    							&compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{
    								IpProtocol: pulumi.String("tcp"),
    								Ports: pulumi.StringArray{
    									pulumi.String("8080"),
    									pulumi.String("7070"),
    								},
    							},
    						},
    						DestIpRanges: pulumi.StringArray{
    							pulumi.String("11.100.0.1/32"),
    						},
    						DestFqdns: pulumi.StringArray{
    							pulumi.String("www.yyy.com"),
    							pulumi.String("www.zzz.com"),
    						},
    						DestRegionCodes: pulumi.StringArray{
    							pulumi.String("HK"),
    							pulumi.String("IN"),
    						},
    						DestThreatIntelligences: pulumi.StringArray{
    							pulumi.String("iplist-search-engines-crawlers"),
    							pulumi.String("iplist-tor-exit-nodes"),
    						},
    						DestAddressGroups: pulumi.StringArray{
    							addressGroup1.ID(),
    						},
    					},
    					TargetResources: pulumi.StringArray{
    						pulumi.Sprintf("https://www.googleapis.com/compute/beta/projects/%v/global/networks/default", project.Name),
    					},
    				},
    				&compute.FirewallPolicyWithRulesRuleArgs{
    					Description:   pulumi.String("udp rule"),
    					Priority:      pulumi.Int(2000),
    					EnableLogging: pulumi.Bool(false),
    					Action:        pulumi.String("deny"),
    					Direction:     pulumi.String("INGRESS"),
    					Match: &compute.FirewallPolicyWithRulesRuleMatchArgs{
    						Layer4Configs: compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArray{
    							&compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{
    								IpProtocol: pulumi.String("udp"),
    							},
    						},
    						SrcIpRanges: pulumi.StringArray{
    							pulumi.String("0.0.0.0/0"),
    						},
    						SrcFqdns: pulumi.StringArray{
    							pulumi.String("www.abc.com"),
    							pulumi.String("www.def.com"),
    						},
    						SrcRegionCodes: pulumi.StringArray{
    							pulumi.String("US"),
    							pulumi.String("CA"),
    						},
    						SrcThreatIntelligences: pulumi.StringArray{
    							pulumi.String("iplist-known-malicious-ips"),
    							pulumi.String("iplist-public-clouds"),
    						},
    						SrcAddressGroups: pulumi.StringArray{
    							addressGroup1.ID(),
    						},
    					},
    					Disabled: pulumi.Bool(true),
    				},
    				&compute.FirewallPolicyWithRulesRuleArgs{
    					Description:   pulumi.String("security profile group rule"),
    					RuleName:      pulumi.String("tcp rule"),
    					Priority:      pulumi.Int(3000),
    					EnableLogging: pulumi.Bool(false),
    					Action:        pulumi.String("apply_security_profile_group"),
    					Direction:     pulumi.String("INGRESS"),
    					Match: &compute.FirewallPolicyWithRulesRuleMatchArgs{
    						Layer4Configs: compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArray{
    							&compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{
    								IpProtocol: pulumi.String("tcp"),
    							},
    						},
    						SrcIpRanges: pulumi.StringArray{
    							pulumi.String("0.0.0.0/0"),
    						},
    					},
    					TargetServiceAccounts: pulumi.StringArray{
    						pulumi.String("test@google.com"),
    					},
    					SecurityProfileGroup: securityProfileGroup1.ID().ApplyT(func(id string) (string, error) {
    						return fmt.Sprintf("//networksecurity.googleapis.com/%v", id), nil
    					}).(pulumi.StringOutput),
    					TlsInspect: pulumi.Bool(true),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var project = Gcp.Organizations.GetProject.Invoke();
    
        var addressGroup1 = new Gcp.NetworkSecurity.AddressGroup("address_group_1", new()
        {
            Name = "tf-address-group",
            Parent = "organizations/123456789",
            Description = "Global address group",
            Location = "global",
            Items = new[]
            {
                "208.80.154.224/32",
            },
            Type = "IPV4",
            Capacity = 100,
        });
    
        var securityProfile1 = new Gcp.NetworkSecurity.SecurityProfile("security_profile_1", new()
        {
            Name = "tf-security-profile",
            Type = "THREAT_PREVENTION",
            Parent = "organizations/123456789",
            Location = "global",
        });
    
        var securityProfileGroup1 = new Gcp.NetworkSecurity.SecurityProfileGroup("security_profile_group_1", new()
        {
            Name = "tf-security-profile-group",
            Parent = "organizations/123456789",
            Description = "my description",
            ThreatPreventionProfile = securityProfile1.Id,
        });
    
        var firewall_policy_with_rules = new Gcp.Compute.FirewallPolicyWithRules("firewall-policy-with-rules", new()
        {
            ShortName = "tf-fw-org-policy-with-rules",
            Description = "Terraform test",
            Parent = "organizations/123456789",
            Rules = new[]
            {
                new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleArgs
                {
                    Description = "tcp rule",
                    Priority = 1000,
                    EnableLogging = true,
                    Action = "allow",
                    Direction = "EGRESS",
                    Match = new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchArgs
                    {
                        Layer4Configs = new[]
                        {
                            new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs
                            {
                                IpProtocol = "tcp",
                                Ports = new[]
                                {
                                    "8080",
                                    "7070",
                                },
                            },
                        },
                        DestIpRanges = new[]
                        {
                            "11.100.0.1/32",
                        },
                        DestFqdns = new[]
                        {
                            "www.yyy.com",
                            "www.zzz.com",
                        },
                        DestRegionCodes = new[]
                        {
                            "HK",
                            "IN",
                        },
                        DestThreatIntelligences = new[]
                        {
                            "iplist-search-engines-crawlers",
                            "iplist-tor-exit-nodes",
                        },
                        DestAddressGroups = new[]
                        {
                            addressGroup1.Id,
                        },
                    },
                    TargetResources = new[]
                    {
                        $"https://www.googleapis.com/compute/beta/projects/{project.Apply(getProjectResult => getProjectResult.Name)}/global/networks/default",
                    },
                },
                new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleArgs
                {
                    Description = "udp rule",
                    Priority = 2000,
                    EnableLogging = false,
                    Action = "deny",
                    Direction = "INGRESS",
                    Match = new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchArgs
                    {
                        Layer4Configs = new[]
                        {
                            new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs
                            {
                                IpProtocol = "udp",
                            },
                        },
                        SrcIpRanges = new[]
                        {
                            "0.0.0.0/0",
                        },
                        SrcFqdns = new[]
                        {
                            "www.abc.com",
                            "www.def.com",
                        },
                        SrcRegionCodes = new[]
                        {
                            "US",
                            "CA",
                        },
                        SrcThreatIntelligences = new[]
                        {
                            "iplist-known-malicious-ips",
                            "iplist-public-clouds",
                        },
                        SrcAddressGroups = new[]
                        {
                            addressGroup1.Id,
                        },
                    },
                    Disabled = true,
                },
                new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleArgs
                {
                    Description = "security profile group rule",
                    RuleName = "tcp rule",
                    Priority = 3000,
                    EnableLogging = false,
                    Action = "apply_security_profile_group",
                    Direction = "INGRESS",
                    Match = new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchArgs
                    {
                        Layer4Configs = new[]
                        {
                            new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs
                            {
                                IpProtocol = "tcp",
                            },
                        },
                        SrcIpRanges = new[]
                        {
                            "0.0.0.0/0",
                        },
                    },
                    TargetServiceAccounts = new[]
                    {
                        "test@google.com",
                    },
                    SecurityProfileGroup = securityProfileGroup1.Id.Apply(id => $"//networksecurity.googleapis.com/{id}"),
                    TlsInspect = true,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.organizations.OrganizationsFunctions;
    import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
    import com.pulumi.gcp.networksecurity.AddressGroup;
    import com.pulumi.gcp.networksecurity.AddressGroupArgs;
    import com.pulumi.gcp.networksecurity.SecurityProfile;
    import com.pulumi.gcp.networksecurity.SecurityProfileArgs;
    import com.pulumi.gcp.networksecurity.SecurityProfileGroup;
    import com.pulumi.gcp.networksecurity.SecurityProfileGroupArgs;
    import com.pulumi.gcp.compute.FirewallPolicyWithRules;
    import com.pulumi.gcp.compute.FirewallPolicyWithRulesArgs;
    import com.pulumi.gcp.compute.inputs.FirewallPolicyWithRulesRuleArgs;
    import com.pulumi.gcp.compute.inputs.FirewallPolicyWithRulesRuleMatchArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var project = OrganizationsFunctions.getProject();
    
            var addressGroup1 = new AddressGroup("addressGroup1", AddressGroupArgs.builder()
                .name("tf-address-group")
                .parent("organizations/123456789")
                .description("Global address group")
                .location("global")
                .items("208.80.154.224/32")
                .type("IPV4")
                .capacity(100)
                .build());
    
            var securityProfile1 = new SecurityProfile("securityProfile1", SecurityProfileArgs.builder()
                .name("tf-security-profile")
                .type("THREAT_PREVENTION")
                .parent("organizations/123456789")
                .location("global")
                .build());
    
            var securityProfileGroup1 = new SecurityProfileGroup("securityProfileGroup1", SecurityProfileGroupArgs.builder()
                .name("tf-security-profile-group")
                .parent("organizations/123456789")
                .description("my description")
                .threatPreventionProfile(securityProfile1.id())
                .build());
    
            var firewall_policy_with_rules = new FirewallPolicyWithRules("firewall-policy-with-rules", FirewallPolicyWithRulesArgs.builder()
                .shortName("tf-fw-org-policy-with-rules")
                .description("Terraform test")
                .parent("organizations/123456789")
                .rules(            
                    FirewallPolicyWithRulesRuleArgs.builder()
                        .description("tcp rule")
                        .priority(1000)
                        .enableLogging(true)
                        .action("allow")
                        .direction("EGRESS")
                        .match(FirewallPolicyWithRulesRuleMatchArgs.builder()
                            .layer4Configs(FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()
                                .ipProtocol("tcp")
                                .ports(                            
                                    8080,
                                    7070)
                                .build())
                            .destIpRanges("11.100.0.1/32")
                            .destFqdns(                        
                                "www.yyy.com",
                                "www.zzz.com")
                            .destRegionCodes(                        
                                "HK",
                                "IN")
                            .destThreatIntelligences(                        
                                "iplist-search-engines-crawlers",
                                "iplist-tor-exit-nodes")
                            .destAddressGroups(addressGroup1.id())
                            .build())
                        .targetResources(String.format("https://www.googleapis.com/compute/beta/projects/%s/global/networks/default", project.applyValue(getProjectResult -> getProjectResult.name())))
                        .build(),
                    FirewallPolicyWithRulesRuleArgs.builder()
                        .description("udp rule")
                        .priority(2000)
                        .enableLogging(false)
                        .action("deny")
                        .direction("INGRESS")
                        .match(FirewallPolicyWithRulesRuleMatchArgs.builder()
                            .layer4Configs(FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()
                                .ipProtocol("udp")
                                .build())
                            .srcIpRanges("0.0.0.0/0")
                            .srcFqdns(                        
                                "www.abc.com",
                                "www.def.com")
                            .srcRegionCodes(                        
                                "US",
                                "CA")
                            .srcThreatIntelligences(                        
                                "iplist-known-malicious-ips",
                                "iplist-public-clouds")
                            .srcAddressGroups(addressGroup1.id())
                            .build())
                        .disabled(true)
                        .build(),
                    FirewallPolicyWithRulesRuleArgs.builder()
                        .description("security profile group rule")
                        .ruleName("tcp rule")
                        .priority(3000)
                        .enableLogging(false)
                        .action("apply_security_profile_group")
                        .direction("INGRESS")
                        .match(FirewallPolicyWithRulesRuleMatchArgs.builder()
                            .layer4Configs(FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()
                                .ipProtocol("tcp")
                                .build())
                            .srcIpRanges("0.0.0.0/0")
                            .build())
                        .targetServiceAccounts("test@google.com")
                        .securityProfileGroup(securityProfileGroup1.id().applyValue(id -> String.format("//networksecurity.googleapis.com/%s", id)))
                        .tlsInspect(true)
                        .build())
                .build());
    
        }
    }
    
    resources:
      firewall-policy-with-rules:
        type: gcp:compute:FirewallPolicyWithRules
        properties:
          shortName: tf-fw-org-policy-with-rules
          description: Terraform test
          parent: organizations/123456789
          rules:
            - description: tcp rule
              priority: 1000
              enableLogging: true
              action: allow
              direction: EGRESS
              match:
                layer4Configs:
                  - ipProtocol: tcp
                    ports:
                      - 8080
                      - 7070
                destIpRanges:
                  - 11.100.0.1/32
                destFqdns:
                  - www.yyy.com
                  - www.zzz.com
                destRegionCodes:
                  - HK
                  - IN
                destThreatIntelligences:
                  - iplist-search-engines-crawlers
                  - iplist-tor-exit-nodes
                destAddressGroups:
                  - ${addressGroup1.id}
              targetResources:
                - https://www.googleapis.com/compute/beta/projects/${project.name}/global/networks/default
            - description: udp rule
              priority: 2000
              enableLogging: false
              action: deny
              direction: INGRESS
              match:
                layer4Configs:
                  - ipProtocol: udp
                srcIpRanges:
                  - 0.0.0.0/0
                srcFqdns:
                  - www.abc.com
                  - www.def.com
                srcRegionCodes:
                  - US
                  - CA
                srcThreatIntelligences:
                  - iplist-known-malicious-ips
                  - iplist-public-clouds
                srcAddressGroups:
                  - ${addressGroup1.id}
              disabled: true
            - description: security profile group rule
              ruleName: tcp rule
              priority: 3000
              enableLogging: false
              action: apply_security_profile_group
              direction: INGRESS
              match:
                layer4Configs:
                  - ipProtocol: tcp
                srcIpRanges:
                  - 0.0.0.0/0
              targetServiceAccounts:
                - test@google.com
              securityProfileGroup: //networksecurity.googleapis.com/${securityProfileGroup1.id}
              tlsInspect: true
      addressGroup1:
        type: gcp:networksecurity:AddressGroup
        name: address_group_1
        properties:
          name: tf-address-group
          parent: organizations/123456789
          description: Global address group
          location: global
          items:
            - 208.80.154.224/32
          type: IPV4
          capacity: 100
      securityProfileGroup1:
        type: gcp:networksecurity:SecurityProfileGroup
        name: security_profile_group_1
        properties:
          name: tf-security-profile-group
          parent: organizations/123456789
          description: my description
          threatPreventionProfile: ${securityProfile1.id}
      securityProfile1:
        type: gcp:networksecurity:SecurityProfile
        name: security_profile_1
        properties:
          name: tf-security-profile
          type: THREAT_PREVENTION
          parent: organizations/123456789
          location: global
    variables:
      project:
        fn::invoke:
          Function: gcp:organizations:getProject
          Arguments: {}
    

    Create FirewallPolicyWithRules Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new FirewallPolicyWithRules(name: string, args: FirewallPolicyWithRulesArgs, opts?: CustomResourceOptions);
    @overload
    def FirewallPolicyWithRules(resource_name: str,
                                args: FirewallPolicyWithRulesArgs,
                                opts: Optional[ResourceOptions] = None)
    
    @overload
    def FirewallPolicyWithRules(resource_name: str,
                                opts: Optional[ResourceOptions] = None,
                                parent: Optional[str] = None,
                                rules: Optional[Sequence[FirewallPolicyWithRulesRuleArgs]] = None,
                                short_name: Optional[str] = None,
                                description: Optional[str] = None)
    func NewFirewallPolicyWithRules(ctx *Context, name string, args FirewallPolicyWithRulesArgs, opts ...ResourceOption) (*FirewallPolicyWithRules, error)
    public FirewallPolicyWithRules(string name, FirewallPolicyWithRulesArgs args, CustomResourceOptions? opts = null)
    public FirewallPolicyWithRules(String name, FirewallPolicyWithRulesArgs args)
    public FirewallPolicyWithRules(String name, FirewallPolicyWithRulesArgs args, CustomResourceOptions options)
    
    type: gcp:compute:FirewallPolicyWithRules
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args FirewallPolicyWithRulesArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FirewallPolicyWithRulesArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FirewallPolicyWithRulesArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FirewallPolicyWithRulesArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FirewallPolicyWithRulesArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var firewallPolicyWithRulesResource = new Gcp.Compute.FirewallPolicyWithRules("firewallPolicyWithRulesResource", new()
    {
        Parent = "string",
        Rules = new[]
        {
            new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleArgs
            {
                Action = "string",
                Match = new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchArgs
                {
                    Layer4Configs = new[]
                    {
                        new Gcp.Compute.Inputs.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs
                        {
                            IpProtocol = "string",
                            Ports = new[]
                            {
                                "string",
                            },
                        },
                    },
                    DestAddressGroups = new[]
                    {
                        "string",
                    },
                    DestFqdns = new[]
                    {
                        "string",
                    },
                    DestIpRanges = new[]
                    {
                        "string",
                    },
                    DestRegionCodes = new[]
                    {
                        "string",
                    },
                    DestThreatIntelligences = new[]
                    {
                        "string",
                    },
                    SrcAddressGroups = new[]
                    {
                        "string",
                    },
                    SrcFqdns = new[]
                    {
                        "string",
                    },
                    SrcIpRanges = new[]
                    {
                        "string",
                    },
                    SrcRegionCodes = new[]
                    {
                        "string",
                    },
                    SrcThreatIntelligences = new[]
                    {
                        "string",
                    },
                },
                Priority = 0,
                Description = "string",
                Direction = "string",
                Disabled = false,
                EnableLogging = false,
                RuleName = "string",
                SecurityProfileGroup = "string",
                TargetResources = new[]
                {
                    "string",
                },
                TargetServiceAccounts = new[]
                {
                    "string",
                },
                TlsInspect = false,
            },
        },
        ShortName = "string",
        Description = "string",
    });
    
    example, err := compute.NewFirewallPolicyWithRules(ctx, "firewallPolicyWithRulesResource", &compute.FirewallPolicyWithRulesArgs{
    	Parent: pulumi.String("string"),
    	Rules: compute.FirewallPolicyWithRulesRuleArray{
    		&compute.FirewallPolicyWithRulesRuleArgs{
    			Action: pulumi.String("string"),
    			Match: &compute.FirewallPolicyWithRulesRuleMatchArgs{
    				Layer4Configs: compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArray{
    					&compute.FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs{
    						IpProtocol: pulumi.String("string"),
    						Ports: pulumi.StringArray{
    							pulumi.String("string"),
    						},
    					},
    				},
    				DestAddressGroups: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				DestFqdns: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				DestIpRanges: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				DestRegionCodes: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				DestThreatIntelligences: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				SrcAddressGroups: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				SrcFqdns: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				SrcIpRanges: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				SrcRegionCodes: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				SrcThreatIntelligences: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    			},
    			Priority:             pulumi.Int(0),
    			Description:          pulumi.String("string"),
    			Direction:            pulumi.String("string"),
    			Disabled:             pulumi.Bool(false),
    			EnableLogging:        pulumi.Bool(false),
    			RuleName:             pulumi.String("string"),
    			SecurityProfileGroup: pulumi.String("string"),
    			TargetResources: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			TargetServiceAccounts: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			TlsInspect: pulumi.Bool(false),
    		},
    	},
    	ShortName:   pulumi.String("string"),
    	Description: pulumi.String("string"),
    })
    
    var firewallPolicyWithRulesResource = new FirewallPolicyWithRules("firewallPolicyWithRulesResource", FirewallPolicyWithRulesArgs.builder()
        .parent("string")
        .rules(FirewallPolicyWithRulesRuleArgs.builder()
            .action("string")
            .match(FirewallPolicyWithRulesRuleMatchArgs.builder()
                .layer4Configs(FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs.builder()
                    .ipProtocol("string")
                    .ports("string")
                    .build())
                .destAddressGroups("string")
                .destFqdns("string")
                .destIpRanges("string")
                .destRegionCodes("string")
                .destThreatIntelligences("string")
                .srcAddressGroups("string")
                .srcFqdns("string")
                .srcIpRanges("string")
                .srcRegionCodes("string")
                .srcThreatIntelligences("string")
                .build())
            .priority(0)
            .description("string")
            .direction("string")
            .disabled(false)
            .enableLogging(false)
            .ruleName("string")
            .securityProfileGroup("string")
            .targetResources("string")
            .targetServiceAccounts("string")
            .tlsInspect(false)
            .build())
        .shortName("string")
        .description("string")
        .build());
    
    firewall_policy_with_rules_resource = gcp.compute.FirewallPolicyWithRules("firewallPolicyWithRulesResource",
        parent="string",
        rules=[{
            "action": "string",
            "match": {
                "layer4_configs": [{
                    "ip_protocol": "string",
                    "ports": ["string"],
                }],
                "dest_address_groups": ["string"],
                "dest_fqdns": ["string"],
                "dest_ip_ranges": ["string"],
                "dest_region_codes": ["string"],
                "dest_threat_intelligences": ["string"],
                "src_address_groups": ["string"],
                "src_fqdns": ["string"],
                "src_ip_ranges": ["string"],
                "src_region_codes": ["string"],
                "src_threat_intelligences": ["string"],
            },
            "priority": 0,
            "description": "string",
            "direction": "string",
            "disabled": False,
            "enable_logging": False,
            "rule_name": "string",
            "security_profile_group": "string",
            "target_resources": ["string"],
            "target_service_accounts": ["string"],
            "tls_inspect": False,
        }],
        short_name="string",
        description="string")
    
    const firewallPolicyWithRulesResource = new gcp.compute.FirewallPolicyWithRules("firewallPolicyWithRulesResource", {
        parent: "string",
        rules: [{
            action: "string",
            match: {
                layer4Configs: [{
                    ipProtocol: "string",
                    ports: ["string"],
                }],
                destAddressGroups: ["string"],
                destFqdns: ["string"],
                destIpRanges: ["string"],
                destRegionCodes: ["string"],
                destThreatIntelligences: ["string"],
                srcAddressGroups: ["string"],
                srcFqdns: ["string"],
                srcIpRanges: ["string"],
                srcRegionCodes: ["string"],
                srcThreatIntelligences: ["string"],
            },
            priority: 0,
            description: "string",
            direction: "string",
            disabled: false,
            enableLogging: false,
            ruleName: "string",
            securityProfileGroup: "string",
            targetResources: ["string"],
            targetServiceAccounts: ["string"],
            tlsInspect: false,
        }],
        shortName: "string",
        description: "string",
    });
    
    type: gcp:compute:FirewallPolicyWithRules
    properties:
        description: string
        parent: string
        rules:
            - action: string
              description: string
              direction: string
              disabled: false
              enableLogging: false
              match:
                destAddressGroups:
                    - string
                destFqdns:
                    - string
                destIpRanges:
                    - string
                destRegionCodes:
                    - string
                destThreatIntelligences:
                    - string
                layer4Configs:
                    - ipProtocol: string
                      ports:
                        - string
                srcAddressGroups:
                    - string
                srcFqdns:
                    - string
                srcIpRanges:
                    - string
                srcRegionCodes:
                    - string
                srcThreatIntelligences:
                    - string
              priority: 0
              ruleName: string
              securityProfileGroup: string
              targetResources:
                - string
              targetServiceAccounts:
                - string
              tlsInspect: false
        shortName: string
    

    FirewallPolicyWithRules Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The FirewallPolicyWithRules resource accepts the following input properties:

    Parent string
    The parent of this FirewallPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
    Rules List<FirewallPolicyWithRulesRule>
    A list of firewall policy rules. Structure is documented below.
    ShortName string
    A textual name of the security policy.
    Description string
    (Output) A description of the rule.
    Parent string
    The parent of this FirewallPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
    Rules []FirewallPolicyWithRulesRuleArgs
    A list of firewall policy rules. Structure is documented below.
    ShortName string
    A textual name of the security policy.
    Description string
    (Output) A description of the rule.
    parent String
    The parent of this FirewallPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
    rules List<FirewallPolicyWithRulesRule>
    A list of firewall policy rules. Structure is documented below.
    shortName String
    A textual name of the security policy.
    description String
    (Output) A description of the rule.
    parent string
    The parent of this FirewallPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
    rules FirewallPolicyWithRulesRule[]
    A list of firewall policy rules. Structure is documented below.
    shortName string
    A textual name of the security policy.
    description string
    (Output) A description of the rule.
    parent str
    The parent of this FirewallPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
    rules Sequence[FirewallPolicyWithRulesRuleArgs]
    A list of firewall policy rules. Structure is documented below.
    short_name str
    A textual name of the security policy.
    description str
    (Output) A description of the rule.
    parent String
    The parent of this FirewallPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
    rules List<Property Map>
    A list of firewall policy rules. Structure is documented below.
    shortName String
    A textual name of the security policy.
    description String
    (Output) A description of the rule.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the FirewallPolicyWithRules resource produces the following output properties:

    CreationTimestamp string
    Creation timestamp in RFC3339 text format.
    Fingerprint string
    Fingerprint of the resource. This field is used internally during updates of this resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    PolicyId string
    The unique identifier for the resource. This identifier is defined by the server.
    PredefinedRules List<FirewallPolicyWithRulesPredefinedRule>
    A list of pre-define firewall policy rules. Structure is documented below.
    RuleTupleCount int
    Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
    SelfLink string
    Server-defined URL for the resource.
    SelfLinkWithId string
    Server-defined URL for this resource with the resource id.
    CreationTimestamp string
    Creation timestamp in RFC3339 text format.
    Fingerprint string
    Fingerprint of the resource. This field is used internally during updates of this resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    PolicyId string
    The unique identifier for the resource. This identifier is defined by the server.
    PredefinedRules []FirewallPolicyWithRulesPredefinedRule
    A list of pre-define firewall policy rules. Structure is documented below.
    RuleTupleCount int
    Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
    SelfLink string
    Server-defined URL for the resource.
    SelfLinkWithId string
    Server-defined URL for this resource with the resource id.
    creationTimestamp String
    Creation timestamp in RFC3339 text format.
    fingerprint String
    Fingerprint of the resource. This field is used internally during updates of this resource.
    id String
    The provider-assigned unique ID for this managed resource.
    policyId String
    The unique identifier for the resource. This identifier is defined by the server.
    predefinedRules List<FirewallPolicyWithRulesPredefinedRule>
    A list of pre-define firewall policy rules. Structure is documented below.
    ruleTupleCount Integer
    Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
    selfLink String
    Server-defined URL for the resource.
    selfLinkWithId String
    Server-defined URL for this resource with the resource id.
    creationTimestamp string
    Creation timestamp in RFC3339 text format.
    fingerprint string
    Fingerprint of the resource. This field is used internally during updates of this resource.
    id string
    The provider-assigned unique ID for this managed resource.
    policyId string
    The unique identifier for the resource. This identifier is defined by the server.
    predefinedRules FirewallPolicyWithRulesPredefinedRule[]
    A list of pre-define firewall policy rules. Structure is documented below.
    ruleTupleCount number
    Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
    selfLink string
    Server-defined URL for the resource.
    selfLinkWithId string
    Server-defined URL for this resource with the resource id.
    creation_timestamp str
    Creation timestamp in RFC3339 text format.
    fingerprint str
    Fingerprint of the resource. This field is used internally during updates of this resource.
    id str
    The provider-assigned unique ID for this managed resource.
    policy_id str
    The unique identifier for the resource. This identifier is defined by the server.
    predefined_rules Sequence[FirewallPolicyWithRulesPredefinedRule]
    A list of pre-define firewall policy rules. Structure is documented below.
    rule_tuple_count int
    Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
    self_link str
    Server-defined URL for the resource.
    self_link_with_id str
    Server-defined URL for this resource with the resource id.
    creationTimestamp String
    Creation timestamp in RFC3339 text format.
    fingerprint String
    Fingerprint of the resource. This field is used internally during updates of this resource.
    id String
    The provider-assigned unique ID for this managed resource.
    policyId String
    The unique identifier for the resource. This identifier is defined by the server.
    predefinedRules List<Property Map>
    A list of pre-define firewall policy rules. Structure is documented below.
    ruleTupleCount Number
    Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
    selfLink String
    Server-defined URL for the resource.
    selfLinkWithId String
    Server-defined URL for this resource with the resource id.

    Look up Existing FirewallPolicyWithRules Resource

    Get an existing FirewallPolicyWithRules resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FirewallPolicyWithRulesState, opts?: CustomResourceOptions): FirewallPolicyWithRules
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            creation_timestamp: Optional[str] = None,
            description: Optional[str] = None,
            fingerprint: Optional[str] = None,
            parent: Optional[str] = None,
            policy_id: Optional[str] = None,
            predefined_rules: Optional[Sequence[FirewallPolicyWithRulesPredefinedRuleArgs]] = None,
            rule_tuple_count: Optional[int] = None,
            rules: Optional[Sequence[FirewallPolicyWithRulesRuleArgs]] = None,
            self_link: Optional[str] = None,
            self_link_with_id: Optional[str] = None,
            short_name: Optional[str] = None) -> FirewallPolicyWithRules
    func GetFirewallPolicyWithRules(ctx *Context, name string, id IDInput, state *FirewallPolicyWithRulesState, opts ...ResourceOption) (*FirewallPolicyWithRules, error)
    public static FirewallPolicyWithRules Get(string name, Input<string> id, FirewallPolicyWithRulesState? state, CustomResourceOptions? opts = null)
    public static FirewallPolicyWithRules get(String name, Output<String> id, FirewallPolicyWithRulesState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CreationTimestamp string
    Creation timestamp in RFC3339 text format.
    Description string
    (Output) A description of the rule.
    Fingerprint string
    Fingerprint of the resource. This field is used internally during updates of this resource.
    Parent string
    The parent of this FirewallPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
    PolicyId string
    The unique identifier for the resource. This identifier is defined by the server.
    PredefinedRules List<FirewallPolicyWithRulesPredefinedRule>
    A list of pre-define firewall policy rules. Structure is documented below.
    RuleTupleCount int
    Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
    Rules List<FirewallPolicyWithRulesRule>
    A list of firewall policy rules. Structure is documented below.
    SelfLink string
    Server-defined URL for the resource.
    SelfLinkWithId string
    Server-defined URL for this resource with the resource id.
    ShortName string
    A textual name of the security policy.
    CreationTimestamp string
    Creation timestamp in RFC3339 text format.
    Description string
    (Output) A description of the rule.
    Fingerprint string
    Fingerprint of the resource. This field is used internally during updates of this resource.
    Parent string
    The parent of this FirewallPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
    PolicyId string
    The unique identifier for the resource. This identifier is defined by the server.
    PredefinedRules []FirewallPolicyWithRulesPredefinedRuleArgs
    A list of pre-define firewall policy rules. Structure is documented below.
    RuleTupleCount int
    Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
    Rules []FirewallPolicyWithRulesRuleArgs
    A list of firewall policy rules. Structure is documented below.
    SelfLink string
    Server-defined URL for the resource.
    SelfLinkWithId string
    Server-defined URL for this resource with the resource id.
    ShortName string
    A textual name of the security policy.
    creationTimestamp String
    Creation timestamp in RFC3339 text format.
    description String
    (Output) A description of the rule.
    fingerprint String
    Fingerprint of the resource. This field is used internally during updates of this resource.
    parent String
    The parent of this FirewallPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
    policyId String
    The unique identifier for the resource. This identifier is defined by the server.
    predefinedRules List<FirewallPolicyWithRulesPredefinedRule>
    A list of pre-define firewall policy rules. Structure is documented below.
    ruleTupleCount Integer
    Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
    rules List<FirewallPolicyWithRulesRule>
    A list of firewall policy rules. Structure is documented below.
    selfLink String
    Server-defined URL for the resource.
    selfLinkWithId String
    Server-defined URL for this resource with the resource id.
    shortName String
    A textual name of the security policy.
    creationTimestamp string
    Creation timestamp in RFC3339 text format.
    description string
    (Output) A description of the rule.
    fingerprint string
    Fingerprint of the resource. This field is used internally during updates of this resource.
    parent string
    The parent of this FirewallPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
    policyId string
    The unique identifier for the resource. This identifier is defined by the server.
    predefinedRules FirewallPolicyWithRulesPredefinedRule[]
    A list of pre-define firewall policy rules. Structure is documented below.
    ruleTupleCount number
    Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
    rules FirewallPolicyWithRulesRule[]
    A list of firewall policy rules. Structure is documented below.
    selfLink string
    Server-defined URL for the resource.
    selfLinkWithId string
    Server-defined URL for this resource with the resource id.
    shortName string
    A textual name of the security policy.
    creation_timestamp str
    Creation timestamp in RFC3339 text format.
    description str
    (Output) A description of the rule.
    fingerprint str
    Fingerprint of the resource. This field is used internally during updates of this resource.
    parent str
    The parent of this FirewallPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
    policy_id str
    The unique identifier for the resource. This identifier is defined by the server.
    predefined_rules Sequence[FirewallPolicyWithRulesPredefinedRuleArgs]
    A list of pre-define firewall policy rules. Structure is documented below.
    rule_tuple_count int
    Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
    rules Sequence[FirewallPolicyWithRulesRuleArgs]
    A list of firewall policy rules. Structure is documented below.
    self_link str
    Server-defined URL for the resource.
    self_link_with_id str
    Server-defined URL for this resource with the resource id.
    short_name str
    A textual name of the security policy.
    creationTimestamp String
    Creation timestamp in RFC3339 text format.
    description String
    (Output) A description of the rule.
    fingerprint String
    Fingerprint of the resource. This field is used internally during updates of this resource.
    parent String
    The parent of this FirewallPolicy in the Cloud Resource Hierarchy. Format: organizations/{organization_id} or folders/{folder_id}
    policyId String
    The unique identifier for the resource. This identifier is defined by the server.
    predefinedRules List<Property Map>
    A list of pre-define firewall policy rules. Structure is documented below.
    ruleTupleCount Number
    Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
    rules List<Property Map>
    A list of firewall policy rules. Structure is documented below.
    selfLink String
    Server-defined URL for the resource.
    selfLinkWithId String
    Server-defined URL for this resource with the resource id.
    shortName String
    A textual name of the security policy.

    Supporting Types

    FirewallPolicyWithRulesPredefinedRule, FirewallPolicyWithRulesPredefinedRuleArgs

    Action string
    (Output) The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny", "apply_security_profile_group" or "goto_next".
    Description string
    (Output) A description of the rule.
    Direction string
    (Output) The direction in which this rule applies. If unspecified an INGRESS rule is created.
    Disabled bool
    (Output) Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
    EnableLogging bool
    (Output) Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    Matches List<FirewallPolicyWithRulesPredefinedRuleMatch>
    (Output) A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    Priority int
    (Output) An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
    RuleName string
    (Output) An optional name for the rule. This field is not a unique identifier and can be updated.
    SecurityProfileGroup string
    (Output) A fully-qualified URL of a SecurityProfile resource instance. Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group Must be specified if action is 'apply_security_profile_group'.
    TargetResources List<string>
    (Output) A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    TargetServiceAccounts List<string>
    (Output) A list of service accounts indicating the sets of instances that are applied with this rule.
    TlsInspect bool
    (Output) Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.
    Action string
    (Output) The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny", "apply_security_profile_group" or "goto_next".
    Description string
    (Output) A description of the rule.
    Direction string
    (Output) The direction in which this rule applies. If unspecified an INGRESS rule is created.
    Disabled bool
    (Output) Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
    EnableLogging bool
    (Output) Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    Matches []FirewallPolicyWithRulesPredefinedRuleMatch
    (Output) A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    Priority int
    (Output) An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
    RuleName string
    (Output) An optional name for the rule. This field is not a unique identifier and can be updated.
    SecurityProfileGroup string
    (Output) A fully-qualified URL of a SecurityProfile resource instance. Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group Must be specified if action is 'apply_security_profile_group'.
    TargetResources []string
    (Output) A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    TargetServiceAccounts []string
    (Output) A list of service accounts indicating the sets of instances that are applied with this rule.
    TlsInspect bool
    (Output) Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.
    action String
    (Output) The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny", "apply_security_profile_group" or "goto_next".
    description String
    (Output) A description of the rule.
    direction String
    (Output) The direction in which this rule applies. If unspecified an INGRESS rule is created.
    disabled Boolean
    (Output) Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
    enableLogging Boolean
    (Output) Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    matches List<FirewallPolicyWithRulesPredefinedRuleMatch>
    (Output) A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    priority Integer
    (Output) An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
    ruleName String
    (Output) An optional name for the rule. This field is not a unique identifier and can be updated.
    securityProfileGroup String
    (Output) A fully-qualified URL of a SecurityProfile resource instance. Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group Must be specified if action is 'apply_security_profile_group'.
    targetResources List<String>
    (Output) A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    targetServiceAccounts List<String>
    (Output) A list of service accounts indicating the sets of instances that are applied with this rule.
    tlsInspect Boolean
    (Output) Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.
    action string
    (Output) The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny", "apply_security_profile_group" or "goto_next".
    description string
    (Output) A description of the rule.
    direction string
    (Output) The direction in which this rule applies. If unspecified an INGRESS rule is created.
    disabled boolean
    (Output) Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
    enableLogging boolean
    (Output) Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    matches FirewallPolicyWithRulesPredefinedRuleMatch[]
    (Output) A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    priority number
    (Output) An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
    ruleName string
    (Output) An optional name for the rule. This field is not a unique identifier and can be updated.
    securityProfileGroup string
    (Output) A fully-qualified URL of a SecurityProfile resource instance. Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group Must be specified if action is 'apply_security_profile_group'.
    targetResources string[]
    (Output) A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    targetServiceAccounts string[]
    (Output) A list of service accounts indicating the sets of instances that are applied with this rule.
    tlsInspect boolean
    (Output) Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.
    action str
    (Output) The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny", "apply_security_profile_group" or "goto_next".
    description str
    (Output) A description of the rule.
    direction str
    (Output) The direction in which this rule applies. If unspecified an INGRESS rule is created.
    disabled bool
    (Output) Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
    enable_logging bool
    (Output) Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    matches Sequence[FirewallPolicyWithRulesPredefinedRuleMatch]
    (Output) A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    priority int
    (Output) An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
    rule_name str
    (Output) An optional name for the rule. This field is not a unique identifier and can be updated.
    security_profile_group str
    (Output) A fully-qualified URL of a SecurityProfile resource instance. Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group Must be specified if action is 'apply_security_profile_group'.
    target_resources Sequence[str]
    (Output) A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    target_service_accounts Sequence[str]
    (Output) A list of service accounts indicating the sets of instances that are applied with this rule.
    tls_inspect bool
    (Output) Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.
    action String
    (Output) The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny", "apply_security_profile_group" or "goto_next".
    description String
    (Output) A description of the rule.
    direction String
    (Output) The direction in which this rule applies. If unspecified an INGRESS rule is created.
    disabled Boolean
    (Output) Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
    enableLogging Boolean
    (Output) Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    matches List<Property Map>
    (Output) A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    priority Number
    (Output) An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
    ruleName String
    (Output) An optional name for the rule. This field is not a unique identifier and can be updated.
    securityProfileGroup String
    (Output) A fully-qualified URL of a SecurityProfile resource instance. Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group Must be specified if action is 'apply_security_profile_group'.
    targetResources List<String>
    (Output) A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    targetServiceAccounts List<String>
    (Output) A list of service accounts indicating the sets of instances that are applied with this rule.
    tlsInspect Boolean
    (Output) Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.

    FirewallPolicyWithRulesPredefinedRuleMatch, FirewallPolicyWithRulesPredefinedRuleMatchArgs

    DestAddressGroups List<string>
    Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
    DestFqdns List<string>
    Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
    DestIpRanges List<string>
    Destination IP address range in CIDR format. Required for EGRESS rules.
    DestRegionCodes List<string>
    Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of destination region codes allowed is 5000.
    DestThreatIntelligences List<string>
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
    Layer4Configs List<FirewallPolicyWithRulesPredefinedRuleMatchLayer4Config>

    Pairs of IP protocols and ports that the rule should match. Structure is documented below.

    The layer4_config block supports:

    SrcAddressGroups List<string>
    Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
    SrcFqdns List<string>
    Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
    SrcIpRanges List<string>
    Source IP address range in CIDR format. Required for INGRESS rules.
    SrcRegionCodes List<string>
    Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
    SrcThreatIntelligences List<string>
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
    DestAddressGroups []string
    Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
    DestFqdns []string
    Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
    DestIpRanges []string
    Destination IP address range in CIDR format. Required for EGRESS rules.
    DestRegionCodes []string
    Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of destination region codes allowed is 5000.
    DestThreatIntelligences []string
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
    Layer4Configs []FirewallPolicyWithRulesPredefinedRuleMatchLayer4Config

    Pairs of IP protocols and ports that the rule should match. Structure is documented below.

    The layer4_config block supports:

    SrcAddressGroups []string
    Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
    SrcFqdns []string
    Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
    SrcIpRanges []string
    Source IP address range in CIDR format. Required for INGRESS rules.
    SrcRegionCodes []string
    Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
    SrcThreatIntelligences []string
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
    destAddressGroups List<String>
    Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
    destFqdns List<String>
    Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
    destIpRanges List<String>
    Destination IP address range in CIDR format. Required for EGRESS rules.
    destRegionCodes List<String>
    Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of destination region codes allowed is 5000.
    destThreatIntelligences List<String>
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
    layer4Configs List<FirewallPolicyWithRulesPredefinedRuleMatchLayer4Config>

    Pairs of IP protocols and ports that the rule should match. Structure is documented below.

    The layer4_config block supports:

    srcAddressGroups List<String>
    Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
    srcFqdns List<String>
    Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
    srcIpRanges List<String>
    Source IP address range in CIDR format. Required for INGRESS rules.
    srcRegionCodes List<String>
    Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
    srcThreatIntelligences List<String>
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
    destAddressGroups string[]
    Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
    destFqdns string[]
    Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
    destIpRanges string[]
    Destination IP address range in CIDR format. Required for EGRESS rules.
    destRegionCodes string[]
    Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of destination region codes allowed is 5000.
    destThreatIntelligences string[]
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
    layer4Configs FirewallPolicyWithRulesPredefinedRuleMatchLayer4Config[]

    Pairs of IP protocols and ports that the rule should match. Structure is documented below.

    The layer4_config block supports:

    srcAddressGroups string[]
    Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
    srcFqdns string[]
    Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
    srcIpRanges string[]
    Source IP address range in CIDR format. Required for INGRESS rules.
    srcRegionCodes string[]
    Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
    srcThreatIntelligences string[]
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
    dest_address_groups Sequence[str]
    Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
    dest_fqdns Sequence[str]
    Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
    dest_ip_ranges Sequence[str]
    Destination IP address range in CIDR format. Required for EGRESS rules.
    dest_region_codes Sequence[str]
    Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of destination region codes allowed is 5000.
    dest_threat_intelligences Sequence[str]
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
    layer4_configs Sequence[FirewallPolicyWithRulesPredefinedRuleMatchLayer4Config]

    Pairs of IP protocols and ports that the rule should match. Structure is documented below.

    The layer4_config block supports:

    src_address_groups Sequence[str]
    Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
    src_fqdns Sequence[str]
    Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
    src_ip_ranges Sequence[str]
    Source IP address range in CIDR format. Required for INGRESS rules.
    src_region_codes Sequence[str]
    Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
    src_threat_intelligences Sequence[str]
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
    destAddressGroups List<String>
    Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
    destFqdns List<String>
    Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
    destIpRanges List<String>
    Destination IP address range in CIDR format. Required for EGRESS rules.
    destRegionCodes List<String>
    Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of destination region codes allowed is 5000.
    destThreatIntelligences List<String>
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
    layer4Configs List<Property Map>

    Pairs of IP protocols and ports that the rule should match. Structure is documented below.

    The layer4_config block supports:

    srcAddressGroups List<String>
    Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
    srcFqdns List<String>
    Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
    srcIpRanges List<String>
    Source IP address range in CIDR format. Required for INGRESS rules.
    srcRegionCodes List<String>
    Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
    srcThreatIntelligences List<String>
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.

    FirewallPolicyWithRulesPredefinedRuleMatchLayer4Config, FirewallPolicyWithRulesPredefinedRuleMatchLayer4ConfigArgs

    IpProtocol string
    (Output) The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
    Ports List<string>
    (Output) An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    IpProtocol string
    (Output) The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
    Ports []string
    (Output) An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ipProtocol String
    (Output) The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
    ports List<String>
    (Output) An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ipProtocol string
    (Output) The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
    ports string[]
    (Output) An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ip_protocol str
    (Output) The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
    ports Sequence[str]
    (Output) An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ipProtocol String
    (Output) The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
    ports List<String>
    (Output) An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

    FirewallPolicyWithRulesRule, FirewallPolicyWithRulesRuleArgs

    Action string
    The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny", "apply_security_profile_group" or "goto_next".
    Match FirewallPolicyWithRulesRuleMatch
    A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    Priority int
    An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
    Description string
    A description of the rule.
    Direction string
    The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values are: INGRESS, EGRESS.
    Disabled bool
    Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
    EnableLogging bool
    Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    RuleName string
    An optional name for the rule. This field is not a unique identifier and can be updated.
    SecurityProfileGroup string
    A fully-qualified URL of a SecurityProfile resource instance. Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group Must be specified if action is 'apply_security_profile_group'.
    TargetResources List<string>
    A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    TargetServiceAccounts List<string>
    A list of service accounts indicating the sets of instances that are applied with this rule.
    TlsInspect bool
    Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.
    Action string
    The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny", "apply_security_profile_group" or "goto_next".
    Match FirewallPolicyWithRulesRuleMatch
    A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    Priority int
    An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
    Description string
    A description of the rule.
    Direction string
    The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values are: INGRESS, EGRESS.
    Disabled bool
    Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
    EnableLogging bool
    Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    RuleName string
    An optional name for the rule. This field is not a unique identifier and can be updated.
    SecurityProfileGroup string
    A fully-qualified URL of a SecurityProfile resource instance. Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group Must be specified if action is 'apply_security_profile_group'.
    TargetResources []string
    A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    TargetServiceAccounts []string
    A list of service accounts indicating the sets of instances that are applied with this rule.
    TlsInspect bool
    Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.
    action String
    The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny", "apply_security_profile_group" or "goto_next".
    match FirewallPolicyWithRulesRuleMatch
    A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    priority Integer
    An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
    description String
    A description of the rule.
    direction String
    The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values are: INGRESS, EGRESS.
    disabled Boolean
    Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
    enableLogging Boolean
    Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    ruleName String
    An optional name for the rule. This field is not a unique identifier and can be updated.
    securityProfileGroup String
    A fully-qualified URL of a SecurityProfile resource instance. Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group Must be specified if action is 'apply_security_profile_group'.
    targetResources List<String>
    A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    targetServiceAccounts List<String>
    A list of service accounts indicating the sets of instances that are applied with this rule.
    tlsInspect Boolean
    Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.
    action string
    The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny", "apply_security_profile_group" or "goto_next".
    match FirewallPolicyWithRulesRuleMatch
    A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    priority number
    An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
    description string
    A description of the rule.
    direction string
    The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values are: INGRESS, EGRESS.
    disabled boolean
    Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
    enableLogging boolean
    Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    ruleName string
    An optional name for the rule. This field is not a unique identifier and can be updated.
    securityProfileGroup string
    A fully-qualified URL of a SecurityProfile resource instance. Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group Must be specified if action is 'apply_security_profile_group'.
    targetResources string[]
    A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    targetServiceAccounts string[]
    A list of service accounts indicating the sets of instances that are applied with this rule.
    tlsInspect boolean
    Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.
    action str
    The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny", "apply_security_profile_group" or "goto_next".
    match FirewallPolicyWithRulesRuleMatch
    A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    priority int
    An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
    description str
    A description of the rule.
    direction str
    The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values are: INGRESS, EGRESS.
    disabled bool
    Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
    enable_logging bool
    Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    rule_name str
    An optional name for the rule. This field is not a unique identifier and can be updated.
    security_profile_group str
    A fully-qualified URL of a SecurityProfile resource instance. Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group Must be specified if action is 'apply_security_profile_group'.
    target_resources Sequence[str]
    A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    target_service_accounts Sequence[str]
    A list of service accounts indicating the sets of instances that are applied with this rule.
    tls_inspect bool
    Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.
    action String
    The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny", "apply_security_profile_group" or "goto_next".
    match Property Map
    A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.
    priority Number
    An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
    description String
    A description of the rule.
    direction String
    The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values are: INGRESS, EGRESS.
    disabled Boolean
    Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
    enableLogging Boolean
    Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.
    ruleName String
    An optional name for the rule. This field is not a unique identifier and can be updated.
    securityProfileGroup String
    A fully-qualified URL of a SecurityProfile resource instance. Example: https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group Must be specified if action is 'apply_security_profile_group'.
    targetResources List<String>
    A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
    targetServiceAccounts List<String>
    A list of service accounts indicating the sets of instances that are applied with this rule.
    tlsInspect Boolean
    Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.

    FirewallPolicyWithRulesRuleMatch, FirewallPolicyWithRulesRuleMatchArgs

    Layer4Configs List<FirewallPolicyWithRulesRuleMatchLayer4Config>

    Pairs of IP protocols and ports that the rule should match. Structure is documented below.

    The layer4_config block supports:

    DestAddressGroups List<string>
    Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
    DestFqdns List<string>
    Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
    DestIpRanges List<string>
    Destination IP address range in CIDR format. Required for EGRESS rules.
    DestRegionCodes List<string>
    Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of destination region codes allowed is 5000.
    DestThreatIntelligences List<string>
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
    SrcAddressGroups List<string>
    Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
    SrcFqdns List<string>
    Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
    SrcIpRanges List<string>
    Source IP address range in CIDR format. Required for INGRESS rules.
    SrcRegionCodes List<string>
    Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
    SrcThreatIntelligences List<string>
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
    Layer4Configs []FirewallPolicyWithRulesRuleMatchLayer4Config

    Pairs of IP protocols and ports that the rule should match. Structure is documented below.

    The layer4_config block supports:

    DestAddressGroups []string
    Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
    DestFqdns []string
    Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
    DestIpRanges []string
    Destination IP address range in CIDR format. Required for EGRESS rules.
    DestRegionCodes []string
    Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of destination region codes allowed is 5000.
    DestThreatIntelligences []string
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
    SrcAddressGroups []string
    Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
    SrcFqdns []string
    Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
    SrcIpRanges []string
    Source IP address range in CIDR format. Required for INGRESS rules.
    SrcRegionCodes []string
    Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
    SrcThreatIntelligences []string
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
    layer4Configs List<FirewallPolicyWithRulesRuleMatchLayer4Config>

    Pairs of IP protocols and ports that the rule should match. Structure is documented below.

    The layer4_config block supports:

    destAddressGroups List<String>
    Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
    destFqdns List<String>
    Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
    destIpRanges List<String>
    Destination IP address range in CIDR format. Required for EGRESS rules.
    destRegionCodes List<String>
    Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of destination region codes allowed is 5000.
    destThreatIntelligences List<String>
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
    srcAddressGroups List<String>
    Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
    srcFqdns List<String>
    Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
    srcIpRanges List<String>
    Source IP address range in CIDR format. Required for INGRESS rules.
    srcRegionCodes List<String>
    Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
    srcThreatIntelligences List<String>
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
    layer4Configs FirewallPolicyWithRulesRuleMatchLayer4Config[]

    Pairs of IP protocols and ports that the rule should match. Structure is documented below.

    The layer4_config block supports:

    destAddressGroups string[]
    Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
    destFqdns string[]
    Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
    destIpRanges string[]
    Destination IP address range in CIDR format. Required for EGRESS rules.
    destRegionCodes string[]
    Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of destination region codes allowed is 5000.
    destThreatIntelligences string[]
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
    srcAddressGroups string[]
    Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
    srcFqdns string[]
    Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
    srcIpRanges string[]
    Source IP address range in CIDR format. Required for INGRESS rules.
    srcRegionCodes string[]
    Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
    srcThreatIntelligences string[]
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
    layer4_configs Sequence[FirewallPolicyWithRulesRuleMatchLayer4Config]

    Pairs of IP protocols and ports that the rule should match. Structure is documented below.

    The layer4_config block supports:

    dest_address_groups Sequence[str]
    Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
    dest_fqdns Sequence[str]
    Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
    dest_ip_ranges Sequence[str]
    Destination IP address range in CIDR format. Required for EGRESS rules.
    dest_region_codes Sequence[str]
    Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of destination region codes allowed is 5000.
    dest_threat_intelligences Sequence[str]
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
    src_address_groups Sequence[str]
    Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
    src_fqdns Sequence[str]
    Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
    src_ip_ranges Sequence[str]
    Source IP address range in CIDR format. Required for INGRESS rules.
    src_region_codes Sequence[str]
    Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
    src_threat_intelligences Sequence[str]
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
    layer4Configs List<Property Map>

    Pairs of IP protocols and ports that the rule should match. Structure is documented below.

    The layer4_config block supports:

    destAddressGroups List<String>
    Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
    destFqdns List<String>
    Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
    destIpRanges List<String>
    Destination IP address range in CIDR format. Required for EGRESS rules.
    destRegionCodes List<String>
    Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of destination region codes allowed is 5000.
    destThreatIntelligences List<String>
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
    srcAddressGroups List<String>
    Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
    srcFqdns List<String>
    Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
    srcIpRanges List<String>
    Source IP address range in CIDR format. Required for INGRESS rules.
    srcRegionCodes List<String>
    Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
    srcThreatIntelligences List<String>
    Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.

    FirewallPolicyWithRulesRuleMatchLayer4Config, FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs

    IpProtocol string
    (Output) The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
    Ports List<string>
    (Output) An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    IpProtocol string
    (Output) The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
    Ports []string
    (Output) An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ipProtocol String
    (Output) The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
    ports List<String>
    (Output) An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ipProtocol string
    (Output) The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
    ports string[]
    (Output) An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ip_protocol str
    (Output) The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
    ports Sequence[str]
    (Output) An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ipProtocol String
    (Output) The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
    ports List<String>
    (Output) An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

    Import

    FirewallPolicyWithRules can be imported using any of these accepted formats:

    • locations/global/firewallPolicies/{{policy_id}}

    • {{policy_id}}

    When using the pulumi import command, FirewallPolicyWithRules can be imported using one of the formats above. For example:

    $ pulumi import gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules default locations/global/firewallPolicies/{{policy_id}}
    
    $ pulumi import gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules default {{policy_id}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi